New consolidated interdiff for simplified review
I added a Depends fix, so here are the new files.
tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low
* New upstream version (LP: #260016)
- Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
- Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
- Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
* Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
* control: Improve short descriptions for the binary packages
* copyright: Added link to /usr/share/common-licenses/Apache-2.0
* control: To pull the right JRE, libtomcat6-java now depends on
default-jre-headless | java5-runtime-headless
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1232
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1947
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-2370
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-2938
** Attachment added: "tomcat6-6.0.18-0ubuntu1.interdiff"
http://launchpadlibrarian.net/16982788/tomcat6-6.0.18-0ubuntu1.interdiff
--
Update to Tomcat 6.0.18
https://bugs.launchpad.net/bugs/260016
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs